Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:1078-1

Опубликовано: 01 апр. 2024
Источник: suse-cvrf

Описание

Security update for libvirt

This update for libvirt fixes the following issues:

  • CVE-2024-2494: Fixed negative g_new0 length can lead to unbounded memory allocation (bsc#1221815).

Список пакетов

Image SLES15-SP3-SAP-BYOS-Azure
libvirt-client-7.1.0-150300.6.41.1
libvirt-libs-7.1.0-150300.6.41.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libvirt-client-7.1.0-150300.6.41.1
libvirt-libs-7.1.0-150300.6.41.1
Image SLES15-SP3-SAP-BYOS-GCE
libvirt-client-7.1.0-150300.6.41.1
libvirt-libs-7.1.0-150300.6.41.1
SUSE Linux Enterprise Micro 5.1
libvirt-daemon-7.1.0-150300.6.41.1
libvirt-daemon-driver-interface-7.1.0-150300.6.41.1
libvirt-daemon-driver-network-7.1.0-150300.6.41.1
libvirt-daemon-driver-nodedev-7.1.0-150300.6.41.1
libvirt-daemon-driver-nwfilter-7.1.0-150300.6.41.1
libvirt-daemon-driver-qemu-7.1.0-150300.6.41.1
libvirt-daemon-driver-secret-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-core-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-disk-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-logical-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.41.1
libvirt-daemon-qemu-7.1.0-150300.6.41.1
libvirt-libs-7.1.0-150300.6.41.1
SUSE Linux Enterprise Micro 5.2
libvirt-client-7.1.0-150300.6.41.1
libvirt-daemon-7.1.0-150300.6.41.1
libvirt-daemon-driver-interface-7.1.0-150300.6.41.1
libvirt-daemon-driver-network-7.1.0-150300.6.41.1
libvirt-daemon-driver-nodedev-7.1.0-150300.6.41.1
libvirt-daemon-driver-nwfilter-7.1.0-150300.6.41.1
libvirt-daemon-driver-qemu-7.1.0-150300.6.41.1
libvirt-daemon-driver-secret-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-core-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-disk-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-logical-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.41.1
libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.41.1
libvirt-daemon-qemu-7.1.0-150300.6.41.1
libvirt-libs-7.1.0-150300.6.41.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
libvirt-bash-completion-7.1.0-150300.6.41.1

Ссылки

Описание

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

Затронутые продукты
Image SLES15-SP3-SAP-BYOS-Azure:libvirt-client-7.1.0-150300.6.41.1
Image SLES15-SP3-SAP-BYOS-Azure:libvirt-libs-7.1.0-150300.6.41.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM:libvirt-client-7.1.0-150300.6.41.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM:libvirt-libs-7.1.0-150300.6.41.1
Ссылки
Уязвимость SUSE-SU-2024:1078-1